
    10 vulnerabilities by sharethis

    CVE-2025-12540 (GCVE-0-2025-12540)

    Vulnerability from cvelistv5 – Published: 2026-01-07 08:21 – Updated: 2026-04-08 16:58
    VLAI
    Title
    ShareThis Dashboard for Google Analytics <= 3.2.4 - Unauthenticated Google Analytics Data Exposure
    Summary
    The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an administrator logged into the website and Google Analytics to click the link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    ifoundbug

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12540",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T16:37:31.948911Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:37:38.984Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShareThis Dashboard for Google Analytics",
              "vendor": "sharethis",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ifoundbug"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an administrator logged into the website and Google Analytics to click the link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:58:14.741Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6781dcc5-db95-43ca-9042-a3c05414b7e6?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/googleanalytics/trunk/credentials.json?rev=3364575"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-06T19:59:17.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "ShareThis Dashboard for Google Analytics \u003c= 3.2.4 - Unauthenticated Google Analytics Data Exposure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12540",
        "datePublished": "2026-01-07T08:21:52.708Z",
        "dateReserved": "2025-10-30T23:18:03.695Z",
        "dateUpdated": "2026-04-08T16:58:14.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32282 (GCVE-0-2025-32282)

    Vulnerability from cvelistv5 – Published: 2025-04-10 08:09 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:38
    Credits
    Rafie Muhammad | Patchstack Bug Bounty Program

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T15:21:37.523198Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T15:29:50.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "googleanalytics",
              "product": "ShareThis Dashboard for Google Analytics",
              "vendor": "ShareThis",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "3.2.4",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "3.2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Rafie Muhammad | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:38:45.031Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.\u003cp\u003eThis issue affects ShareThis Dashboard for Google Analytics: from n/a through \u003c= 3.2.3.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics googleanalytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through \u003c= 3.2.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:20.596Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/googleanalytics/vulnerability/wordpress-sharethis-dashboard-for-google-analytics-plugin-3-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress ShareThis Dashboard for Google Analytics plugin \u003c= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-32282",
        "datePublished": "2025-04-10T08:09:48.186Z",
        "dateReserved": "2025-04-04T10:02:38.418Z",
        "dateUpdated": "2026-04-28T16:12:20.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-1507 (GCVE-0-2025-1507)

    Vulnerability from cvelistv5 – Published: 2025-03-14 08:23 – Updated: 2026-04-08 16:45
    VLAI
    Title
    ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation
    Summary
    The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Antonio Francesco Sardella

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-1507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-14T13:10:59.370888Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-14T13:11:55.574Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShareThis Dashboard for Google Analytics",
              "vendor": "sharethis",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Antonio Francesco Sardella"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:45:07.542Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/314b8638-15e7-461d-a705-3858fe6813e7?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3255511/googleanalytics/trunk/class/core/class-ga-controller-core.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-03-13T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "ShareThis Dashboard for Google Analytics \u003c= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-1507",
        "datePublished": "2025-03-14T08:23:04.440Z",
        "dateReserved": "2025-02-20T18:57:47.136Z",
        "dateUpdated": "2026-04-08T16:45:07.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4094 (GCVE-0-2024-4094)

    Vulnerability from cvelistv5 – Published: 2024-06-18 06:00 – Updated: 2025-03-18 20:25
    VLAI
    Title
    Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS
    Summary
    The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/ exploit, vdb-entry, technical-description
    Impacted products
    Vendor Product Version
    Unknown Simple Share Buttons Adder Affected: 0 , < 8.5.1 (semver)
    Credits
    Dmitrii Ignatyev WPScan

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4094",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T13:08:04.606354Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T20:25:05.878Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:33:52.215Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Simple Share Buttons Adder",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "8.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dmitrii Ignatyev"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-18T06:00:02.301Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Simple Share Buttons Adder \u003c 8.5.1 - Admin+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-4094",
        "datePublished": "2024-06-18T06:00:02.301Z",
        "dateReserved": "2024-04-23T19:09:47.392Z",
        "dateUpdated": "2025-03-18T20:25:05.878Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3648 (GCVE-0-2024-3648)

    Vulnerability from cvelistv5 – Published: 2024-05-23 06:46 – Updated: 2026-04-08 16:32
    VLAI
    Title
    ShareThis Share Buttons <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode
    Summary
    The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    sharethis ShareThis Share Buttons Affected: 0 , ≤ 2.3.0 (semver)
    Credits
    Krzysztof Zając

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-23T16:36:35.918093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:32:45.071Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:19:59.752Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b37c90-4bb5-4003-a440-3fb57a5c1cae?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3089529/sharethis-share-buttons"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ShareThis Share Buttons",
              "vendor": "sharethis",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027sharethis-inline-button\u0027 shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:32:59.365Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b37c90-4bb5-4003-a440-3fb57a5c1cae?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3089529/sharethis-share-buttons"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-11T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2024-05-22T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "ShareThis Share Buttons \u003c= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via sharethis-inline-buttons Shortcode"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3648",
        "datePublished": "2024-05-23T06:46:01.621Z",
        "dateReserved": "2024-04-10T21:46:20.648Z",
        "dateUpdated": "2026-04-08T16:32:59.365Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-45851 (GCVE-0-2022-45851)

    Vulnerability from cvelistv5 – Published: 2024-03-25 11:30 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    ShareThis ShareThis Dashboard for Google Analytics Affected: n/a , ≤ 3.1.4 (custom)
    Credits
    Dave Jong (Patchstack)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45851",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-25T19:24:16.451325Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:15:46.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:24:02.831Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/googleanalytics/wordpress-sharethis-dashboard-for-google-analytics-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "googleanalytics",
              "product": "ShareThis Dashboard for Google Analytics",
              "vendor": "ShareThis",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "3.1.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "3.1.4",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dave Jong (Patchstack)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.\u003cp\u003eThis issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:54.324Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/googleanalytics/wordpress-sharethis-dashboard-for-google-analytics-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 3.1.5 or a higher version."
                }
              ],
              "value": "Update to 3.1.5 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress ShareThis Dashboard for Google Analytics plugin \u003c= 3.1.4 - Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-45851",
        "datePublished": "2024-03-25T11:30:01.903Z",
        "dateReserved": "2022-11-23T07:45:49.030Z",
        "dateUpdated": "2026-04-28T16:07:54.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-36848 (GCVE-0-2021-36848)

    Vulnerability from cvelistv5 – Published: 2022-04-11 19:36 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Social Media Feather plugin <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
    Summary
    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Date Public
    2022-02-10 00:00
    Credits
    Vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:01:59.833Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/social-media-feather/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/social-media-feather/wordpress-social-media-feather-plugin-2-0-4-authenticated-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36848",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:32:10.700018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:28:27.703Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Social Media Feather (WordPress plugin)",
              "vendor": "Socialmediafeather",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.4",
                  "status": "affected",
                  "version": "\u003c= 2.0.4",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-02-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions \u003c= 2.0.4"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:34.352Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/social-media-feather/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/social-media-feather/wordpress-social-media-feather-plugin-2-0-4-authenticated-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.0.5 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Social Media Feather plugin \u003c= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-02-10T14:33:00.000Z",
              "ID": "CVE-2021-36848",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Social Media Feather plugin \u003c= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Social Media Feather (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.0.4",
                                "version_value": "2.0.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Socialmediafeather"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions \u003c= 2.0.4"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/social-media-feather/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/social-media-feather/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/social-media-feather/wordpress-social-media-feather-plugin-2-0-4-authenticated-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/social-media-feather/wordpress-social-media-feather-plugin-2-0-4-authenticated-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.0.5 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2021-36848",
        "datePublished": "2022-04-11T19:36:56.299Z",
        "dateReserved": "2021-07-19T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:34.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24438 (GCVE-0-2021-24438)

    Vulnerability from cvelistv5 – Published: 2021-08-30 14:11 – Updated: 2024-08-03 19:28
    VLAI
    Title
    ShareThis Dashboard for Google Analytics < 2.5.2 - Reflected Cross-Site Scripting (XSS)
    Summary
    The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor | Product | Version
    Unknown | ShareThis Dashboard for Google Analytics | Affected: 2.5.2, < 2.5.2 (custom)
    Credits
    renniepak

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:24.005Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/af472879-9328-45c2-957f-e7bed77e4c2d"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ShareThis Dashboard for Google Analytics",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "2.5.2",
                  "status": "affected",
                  "version": "2.5.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "renniepak"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the \u0027ga_action\u0027 parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-30T14:11:19.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/af472879-9328-45c2-957f-e7bed77e4c2d"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "ShareThis Dashboard for Google Analytics \u003c 2.5.2 - Reflected Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24438",
              "STATE": "PUBLIC",
              "TITLE": "ShareThis Dashboard for Google Analytics \u003c 2.5.2 - Reflected Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ShareThis Dashboard for Google Analytics",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.5.2",
                                "version_value": "2.5.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "renniepak"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the \u0027ga_action\u0027 parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/af472879-9328-45c2-957f-e7bed77e4c2d",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/af472879-9328-45c2-957f-e7bed77e4c2d"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24438",
        "datePublished": "2021-08-30T14:11:19.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:24.005Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4717 (GCVE-0-2014-4717)

    Vulnerability from cvelistv5 – Published: 2014-07-03 14:00 – Updated: 2024-09-16 22:30
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:35.326Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
              },
              {
                "name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2014/Jun/138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-03T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
            },
            {
              "name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Jun/138"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4717",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ssba_share_text parameter in a save action to wp-admin/options-general.php, which is not properly handled in the homepage, and unspecified vectors related to (2) Pages, (3) Posts, (4) Category/Archive pages or (5) post Excerpts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127238/WordPress-Simple-Share-Buttons-Adder-4.4-CSRF-XSS.html"
                },
                {
                  "name": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder",
                  "refsource": "MISC",
                  "url": "https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder"
                },
                {
                  "name": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/simple-share-buttons-adder/changelog"
                },
                {
                  "name": "20140626 CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2014/Jun/138"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4717",
        "datePublished": "2014-07-03T14:00:00.000Z",
        "dateReserved": "2014-07-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:30:44.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3479 (GCVE-0-2013-3479)

    Vulnerability from cvelistv5 – Published: 2013-09-05 01:00 – Updated: 2024-09-17 00:15
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    http://secunia.com/advisories/53135 | third-party-advisory, x_refsource_SECUNIA
    http://wordpress.org/plugins/share-this/changelog/ | x_refsource_CONFIRM

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:54.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "53135",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/53135"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wordpress.org/plugins/share-this/changelog/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin\u0027s settings."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-05T01:00:00.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "53135",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/53135"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wordpress.org/plugins/share-this/changelog/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2013-3479",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin\u0027s settings."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "53135",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/53135"
                },
                {
                  "name": "http://wordpress.org/plugins/share-this/changelog/",
                  "refsource": "CONFIRM",
                  "url": "http://wordpress.org/plugins/share-this/changelog/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2013-3479",
        "datePublished": "2013-09-05T01:00:00.000Z",
        "dateReserved": "2013-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:15:36.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }